With today's unprecedented connectivity comes extraordinary risk, as malware, ransomware, and other unwanted Internet and computer intrusions are becoming increasingly sophisticated. Breaches now generate headlines on a daily basis and earn priority attention in corporate boardrooms and government agencies across the U.S. and around the world.
Who We Are
As the premier law firm provider to technology companies, Wilson Sonsini Goodrich & Rosati was one of the first firms to form a multi-disciplinary team of experienced attorneys to advise companies on computer- and Internet-based attacks. However, we have more than just a head start when it comes to helping clients manage the latest, most menacing cybersecurity issues—in fact, a distinguishing feature of our team is its roster of government and agency veterans. Our practice includes former senior officials in the U.S. Department of Justice's National Security Division, the Federal Trade Commission's Bureau of Consumer Protection, the U.S. military contracting functions, and the former Chancellor of the Delaware Court of Chancery. It also includes some of the nation's leading privacy litigators, who have worked on the most cutting-edge data privacy issues for technology companies.
WSGR's cybersecurity practice is comprised of recognized practitioners from cross-disciplinary practices that focus on proactive compliance efforts, enforcement, legislative policies, and litigation. Core firm practices that are directly related to cybersecurity include:
Just as "cybersecurity" is a term commonly used to cover a broad range of concepts, the comprehensive expanse of our experience allows us to assist companies at all levels. We advise companies regarding director and officer obligations and duties to guard against breaches, and about what needs to be done to put the enterprise on the right technological footing. We work closely with corporate crisis teams to resolve urgencies resulting from an intrusion, and we represent companies and individual officers in resulting investigations and litigations. We also assist companies that are seeking to enter, or are already in, the business of cybersecurity.
What We Do
First, the firm's cybersecurity practice advises clients on the legal issues associated with preventative measures that help minimize the threat of potential Internet and computer intrusions. We advise clients on their duties and obligations to protect data, including how they can meet those requirements. Our focus is on counseling clients that are seeking to understand their duties to protect the enterprise, and examining the specific legal risks associated with their specific lines of business.
As corporate clients need broader safeguards and monitoring powers to ward off computer-borne attacks, our attorneys offer practical advice on the authority and options available within the bounds of federal and state statutes, including the Wiretap Act, the Stored Communications Act, the Computer Fraud and Abuse Act, and other relevant authorities.
When intrusions or breaches have occurred, our attorneys lead or collaborate with corporate crisis teams, advising on the legal issues arising from the breach and subsequent response, and as appropriate, working with computer forensic service providers to investigate the breach.
We also help companies during post-intrusion recovery stages, advising on what information can be disclosed to third parties, whether, how, and to whom the law requires that notice be provided; and what the companies' available remedy and response options are under relevant laws. When necessary or advisable, the firm can assist clients electing to work with law enforcement or government agencies when responding to a breach.
In addition, our firm's highly skilled litigation attorneys represent companies exposed to potential liability for intrusions. In many instances, our litigation teams have helped clients manage, minimize, or avoid consequences following data breaches and other computer-related events.
Finally, WSGR advises both start-up and established companies operating in the business of cybersecurity. In addition to assisting with the formation and venture financing of early-stage companies that focus on security and data protection, we represent larger, mature private and public companies in the sector, counseling their business and legal teams on what is permitted under U.S. and international laws.
In short, from crises to contracts, and from boardrooms to courtrooms, clients facing enterprise-level cybersecurity issues benefit from our governmental expertise, our insider's perspective on policy and enforcement, our detailed understanding of the technologies involved in computer and network infrastructure attacks, our proven record of advising and defending companies in both the civil and criminal contexts, and our experience counseling companies in the cybersecurity marketplace.
Comprehensive, Cross-Disciplinary Expertise
Privacy and Data Protection
Wilson Sonsini Goodrich & Rosati's privacy and data protection practice includes more than 40 attorneys who focus on U.S. and international laws, regulations, and industry standards that govern the collection, storage, and use of information, representing companies that use or rely on data as part of their business. The team includes former government officials, leading privacy litigators, and experienced compliance attorneys, as well as legislative and regulatory strategists.
Our privacy and data protection attorneys regularly:
- devise appropriate legal responses to computer security breaches;
- help clients create, enhance, and audit privacy and data security policies and programs;
- advise clients on how they can legally collect, use, and share data; and
- defend clients involved in related litigation.
Internet Law and Strategy
Attorneys in our Internet law and strategy practice have advised numerous clients on formidable online security issues, including, for example, business interruptions caused by Internet attacks, the prevention of corporate or consumer data breaches, and mobile computing and smart device security. While representing clients involved in cybersecurity-related lawsuits, our attorneys have established groundbreaking precedent through effective, creative advocacy. We have also developed practical, proven strategies to help clients manage risk by securing data use and better insulating against attacks.
Our national security practice includes data security experts who can advise clients on the best practices for preventing and responding to breaches involving governmental information. Our attorneys also advise clients in the business of cybersecurity to ensure their business models are on sound legal footing. Our team consists of attorneys with substantial expertise in national security issues who advise clients that are dealing with difficult, complicated breaches, including those involving nation state actors.
Our expertise includes advising clients engaged in government contracting, specifically with respect to notification requirements that arise as a result of breaches, such as notifications that are or may be required under the Federal Acquisition Regulations (FAR) or the related Defense Federal Acquisition Regulations (DFAR) administered by the U.S. Department of Defense. We also assist companies engaged in mergers, acquisitions, and other transactions in determining whether a party to the deal meets government certification requirements, including those related to data security and internal controls.
The firm's corporate governance attorneys have an important advisory role in our representation of more than 300 public and 3,000 private companies, which includes Fortune 500 and mid-stage companies from diverse industries. Our clients' boards of directors, senior management, and in-house attorneys rely on our proven practitioners to manage ongoing corporate governance affairs, as well as operational matters, including highly sensitive privacy and data security matters, time-sensitive disclosure issues, and crisis management.
Wilson Sonsini Goodrich & Rosati has an experienced team of attorneys who have represented companies and individuals in conjunction with government investigations and enforcement actions, including those related to possible or actual data breaches. Our attorneys have assisted clients during all phases of inquiry, from advising on initial fact-finding efforts (including responding to letters of inquiry or subpoenas) to more formal investigations (including representing clients in parallel criminal and civil proceedings).
We have frequently been retained to intervene in government investigations at the request of in-house counsel, senior management, boards, audit committees, and existing outside counsel. Our government investigations clients have included mid-size to global companies, many in highly competitive industries.
We advise clients facing inquiries from key federal enforcement agencies, including the Federal Trade Commission, the FBI, the Secret Service and other Department of Homeland Security offices and agencies, members of the Intelligence Community, the Department of Justice, the Securities and Exchange Commission, and state and local agencies, including investigations led by various state attorneys general.